Category Archives: Rootkit

Win64:Rootkit-gen [Rtk]

Win64:Rootkit-gen [Rtk] also known as Gen:Variant.Jaik.10942 (B), Trojan.Jaik.D2ABE, Win32/Trojan.899.

Malware Analysis of Win64:Rootkit-gen [Rtk] – BTHUDTAS.EXE

Created files:
  %SYSDIR%\BTHUDTAS.EXE
  %SYSDIR%\DCCWS.EXE
  %SYSDIR%\SRVANY.EXE

Detected by UnHackMe: BTHUDTAS.EXE
Default location: %SYSDIR%\BTHUDTAS.EXE
Dropper hash (md5): 4fd7fcdba65c57cebfbabc4ab289d0f6

RootKit ( 004fa84b1 )

RootKit ( 004fa84b1 ) also known as Trojan.Win32.Rootkit.

Malware Analysis of RootKit ( 004fa84b1 ) – RTDXFTEX.SYS

Created files:
  %TEMP%\BAIDU_SERVER.PEM
  %PROFILE%\DESKTOP\????.LNK
  %SYSDIR%\DRIVERS\RTDXFTEX.SYS

Autostart registry keys:
  HKLM\System\CurrentControlSet\services\AdAnti\ImagePath: "\??\%Program Files%\AdAnti\driver\win32\AdAnti.sys"
  HKLM\System\CurrentControlSet\services\AdAnti\DisplayName: "AdAnti"
  HKLM\System\CurrentControlSet\services\AdAntiSvc\ImagePath: ""%Program Files%\AdAnti\AdAntiSvc.exe""
  HKLM\System\CurrentControlSet\services\AdAntiSvc\DisplayName: "AdAnti Host Service"
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RTDXFTEX\IMAGEPATH: "\??\%SYSDIR%\DRIVERS\RTDXFTEX.SYS"
  HKLM\System\CurrentControlSet\services\rtdxftex\DisplayName: "rtdxftex"

Detected by UnHackMe: RTDXFTEX.SYS
Default location: %SYSDIR%\DRIVERS\RTDXFTEX.SYS
Dropper hash (md5): a45fbb10d6633a2492f5cd281e9ba4b9

Mal/RootKit-A

Mal/RootKit-A also known as malicious_confidence_65% (D).

Malware Analysis of Mal/RootKit-A – BFDRV.SYS

Created files:
  %APPDATA%\BAOFENGTEMP\BFDESKTOPSHELL.DLL
  %APPDATA%\BAOFENGTEMP\BFDESKTOPSHELL64.DLL
  %APPDATA%\BAOFENGTEMP\BFDRV.SYS
  %APPDATA%\BAOFENGTEMP\BFGAMEMANAGER.EXE
  %APPDATA%\BAOFENGTEMP\BFHD.EXE

Detected by UnHackMe: BFDRV.SYS
Default location: %APPDATA%\BAOFENGTEMP\BFDRV.SYS
Dropper hash (md5): 680ff71c9466cee119309242209433ec

Win32.Rootkit.Antiav.Vsqh

Win32.Rootkit.Antiav.Vsqh also known as Hacktool ( 004df96f1 ), Riskware/Agent, Trojan.Kryptik.Win32.831204.

Malware Analysis of Win32.Rootkit.Antiav.Vsqh – MSLMEDIA.SYS

Created files:
  %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-3826439297-2269405635-17600287-1000\D9601292-B9FF-4FDB-948D-ECAC8441B90E
  %SYSDIR%\DRIVERS\MSJCLOCK.SYS
  %SYSDIR%\DRIVERS\MSLMEDIA.SYS
  %WINDIR%\HLLOG.TXT
  %WINDIR%\SETUPSTI.LOG

Autostart registry keys:
  HKLM\System\CurrentControlSet\services\Mslmedia\ImagePath: "system32\DRIVERS\Mslmedia.sys"
  HKLM\System\CurrentControlSet\services\Mslmedia\DisplayName: "Mslmedia"

Detected by UnHackMe: MSLMEDIA.SYS
Default location: %SYSDIR%\DRIVERS\MSLMEDIA.SYS
Dropper hash (md5): 0da8d73db512fb7015b9cc327cfd115d

Rootkit-Pakes.AN

Rootkit-Pakes.AN also known as Trojan.Downloader.Farfly.L, Backdoor.Win32.Koutodoor.36864.I[h], Win32/Koutodoor.C!generic.

Malware Analysis of Rootkit-Pakes.AN – MBLA.DLL

Created files:
  %SYSDIR%\DRIVERS\ASS.SYS
  %SYSDIR%\DRIVERS\XBHI.SYS
  %SYSDIR%\MBLA.DLL
  %SYSDIR%\MOTRPSS.DLL
  %WINDIR%\TEMP\WER-51062-0.SYSDATA.XML

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\*WerKernelReporting: "%SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq"
  HKLM\System\CurrentControlSet\services\ass\ImagePath: "system32\drivers\ass.sys"
  HKLM\System\CurrentControlSet\services\ass\DisplayName: "ass"
  HKLM\System\CurrentControlSet\services\xbhi\ImagePath: "system32\drivers\xbhi.sys"
  HKLM\System\CurrentControlSet\services\xbhi\DisplayName: "xbhi"

Detected by UnHackMe: MBLA.DLL
Default location: %SYSDIR%\MBLA.DLL
Dropper hash (md5): 0416d45c67bd3b680c8111c5db9285b1

Rootkit.Win32.Agent.c

Rootkit.Win32.Agent.c also known as Trojan.Downloader.Farfly.L, Trojan.Downloader.Farfly.L, W32/Koutodoor.A!tr.rkit.

Malware Analysis of Rootkit.Win32.Agent.c – ASS.SYS

Created files:
  %WINDIR%\MEMORY.DMP
  %WINDIR%\MINIDUMP\081816-25562-01.DMP
  %SYSDIR%\DRIVERS\ASS.SYS
  %SYSDIR%\DRIVERS\XBHI.SYS
  %SYSDIR%\MBLA.DLL

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\*WerKernelReporting: "%SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq"
  HKLM\System\CurrentControlSet\services\ass\ImagePath: "system32\drivers\ass.sys"
  HKLM\System\CurrentControlSet\services\ass\DisplayName: "ass"
  HKLM\System\CurrentControlSet\services\xbhi\ImagePath: "system32\drivers\xbhi.sys"
  HKLM\System\CurrentControlSet\services\xbhi\DisplayName: "xbhi"

Detected by UnHackMe: ASS.SYS
Default location: %SYSDIR%\DRIVERS\ASS.SYS
Dropper hash (md5): 0416d45c67bd3b680c8111c5db9285b1

Rootkit/Fu.A

Rootkit/Fu.A also known as TrojanSpy.Delf.dv, TrojanSpy.Delf!llA5do2FExw.

Malware Analysis of Rootkit/Fu.A – QQMSGSHOOK.DLL

Created files:
  %WINDIR%\QQMSGS.DLL
  %WINDIR%\QQMSGS.EXE
  %WINDIR%\QQMSGSHOOK.DLL

Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NERWORK DDE IC\IMAGEPATH: "%WINDIR%\QQMSGS.EXE"
  HKLM\System\CurrentControlSet\services\Nerwork DDE IC\DisplayName: "Nerwork DDE IC"

Detected by UnHackMe: QQMSGSHOOK.DLL
Default location: %WinDir%\QQMSGSHOOK.DLL
Dropper hash (md5): 05e6ea0c41178327df8433279a78f0ef

Rootkit/Agent.HQA

Rootkit/Agent.HQA also known as Win32/Pecoan!generic, Backdoor.Nuwar!242E, Riskware.

Malware Analysis of Rootkit/Agent.HQA – CLEAN3B28-1A3F.SYS

Created files:
  %SYSDIR%\CLEAN.CONFIG
  %SYSDIR%\CLEAN3B28-1A3F.SYS

Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CLEAN3B28-1A3F\IMAGEPATH: "\??\%SYSDIR%\CLEAN3B28-1A3F.SYS"
  HKLM\System\CurrentControlSet\services\clean3b28-1a3f\DisplayName: "clean3b28-1a3f"

Detected by UnHackMe: CLEAN3B28-1A3F.SYS
Default location: %SYSDIR%\CLEAN3B28-1A3F.SYS
Dropper hash (md5): d692af903a4904439b5fa90f58349e00

Win32.Rootkit.Vmprotect.Rijw

Win32.Rootkit.Vmprotect.Rijw also known as Trojan.Win32.Generic!BT, Trojan.Win32.Generic.dx, Trojan.Agent.

Malware Analysis of Win32.Rootkit.Vmprotect.Rijw – K69KM3UI.SYS

Created files:
  %SYSDIR%\DRIVERS\K69KM3UI.SYS

Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\K69KM3UI\IMAGEPATH: "\??\%SYSDIR%\DRIVERS\K69KM3UI.SYS"
  HKLM\System\CurrentControlSet\services\k69KM3uI\DisplayName: "k69KM3uI"

Detected by UnHackMe: K69KM3UI.SYS
Default location: %SYSDIR%\DRIVERS\K69KM3UI.SYS
Dropper hash (md5): 5fa0dd4f5844c323448b567b9dbbca10

Virus.Rootkit.Win32.Agent

Virus.Rootkit.Win32.Agent also known as Rootkit.Win32.Agent.evk, Rootkit.Win32.Agent.evk.

Malware Analysis of Virus.Rootkit.Win32.Agent – SYSAUDIO.SYS

Created files:
  %TEMP%\WER1D6D.TMP.APPCOMPAT.TXT
  %TEMP%\WER1DAD.TMP.MDMP
  %TEMP%\WERF57B.TMP.WERINTERNALMETADATA.XML
  %SYSDIR%\SYSAUDIO.SYS

Detected by UnHackMe: SYSAUDIO.SYS
Default location: %SYSDIR%\SYSAUDIO.SYS
Dropper hash (md5): 20dc0e37e64beaf19ad29bcea431a867

Rootkit.Win32.Agent.evk

Rootkit.Win32.Agent.evk also known as Virus.Rootkit.Win32.Agent, Malicious Software.

Malware Analysis of Rootkit.Win32.Agent.evk – SYSAUDIO.SYS

Created files:
  %TEMP%\WER1D6D.TMP.APPCOMPAT.TXT
  %TEMP%\WER1DAD.TMP.MDMP
  %TEMP%\WERF57B.TMP.WERINTERNALMETADATA.XML
  %SYSDIR%\SYSAUDIO.SYS

Detected by UnHackMe: SYSAUDIO.SYS
Default location: %SYSDIR%\SYSAUDIO.SYS
Dropper hash (md5): 20dc0e37e64beaf19ad29bcea431a867

a variant of Win32/Rootkit.Podnuha.NB

a variant of Win32/Rootkit.Podnuha.NB also known as Troj/BHO-HB, BehavesLike.Win32.Boaxxe.mc, Troj.W32.Gen.laUt.

Malware Analysis of a variant of Win32/Rootkit.Podnuha.NB – APILOGE.DLL

Created files:
  %SYSDIR%\APILOGE.DLL

Detected by UnHackMe: APILOGE.DLL
Default location: %SYSDIR%\APILOGE.DLL
Dropper hash (md5): 9221bd18eaf89b67116a417856686acd

Rootkit.Win32.Podnuha

Rootkit.Win32.Podnuha also known as Trojan ( 7000000f1 ), Trojan/Podnuha.axz, Gen:Variant.Barys.7949.

Malware Analysis of Rootkit.Win32.Podnuha – APILOGE.DLL

Created files:
  %SYSDIR%\APILOGE.DLL

Detected by UnHackMe: APILOGE.DLL
Default location: %SYSDIR%\APILOGE.DLL
Dropper hash (md5): 9221bd18eaf89b67116a417856686acd

Rootkit.Podnuha.am

Rootkit.Podnuha.am also known as BehavesLike.Win32.Boaxxe.mc, HEUR:Trojan.Win32.Generic, W32/Podnuha.A.gen!Eldorado.

Malware Analysis of Rootkit.Podnuha.am – APILOGE.DLL

Created files:
  %SYSDIR%\APILOGE.DLL

Detected by UnHackMe: APILOGE.DLL
Default location: %SYSDIR%\APILOGE.DLL
Dropper hash (md5): 9221bd18eaf89b67116a417856686acd

Win32/RootKit.Rootkit.c79

Win32/RootKit.Rootkit.c79 also known as Rootkit.Agent!DMsYxyWNTQA, Riskware ( 0015e4f01 ), Hacktool.Rootkit.

Malware Analysis of Win32/RootKit.Rootkit.c79 – 182C6D0D.SYS

Created files:
  %SYSDIR%\182C6D0D.SYS
  %SYSDIR%\DMLOCALSVC.DLL
  %SYSDIR%\FASTUSERSWITCHINGCOMPATIBILITY.DLL

Autostart registry keys:
  HKLM\System\CurrentControlSet\services\fastuserswitchingcompatibility\ImagePath: "%SystemRoot%\System32\Svchost.exe -k netsvcs"
  HKLM\System\CurrentControlSet\services\fastuserswitchingcompatibility\DisplayName: "FastUserSwitchingCompatibility"
  HKLM\System\CurrentControlSet\services\drmkaud\ImagePath: "system32\182C6D0D.sys"

Detected by UnHackMe: 182C6D0D.SYS
Default location: %SYSDIR%\182C6D0D.SYS
Dropper hash (md5): c7b0965034e56a5b085be0b2204f56b0

Rootkit.W32.Agent.bmuf!c

Rootkit.W32.Agent.bmuf!c also known as TR/Jadtre.E, Hacktool.Rootkit, Gen:Variant.Jadtre.1.

Malware Analysis of Rootkit.W32.Agent.bmuf!c – 182C6D0D.SYS

Created files:
  %SYSDIR%\182C6D0D.SYS
  %SYSDIR%\DMLOCALSVC.DLL
  %SYSDIR%\FASTUSERSWITCHINGCOMPATIBILITY.DLL

Autostart registry keys:
  HKLM\System\CurrentControlSet\services\fastuserswitchingcompatibility\ImagePath: "%SystemRoot%\System32\Svchost.exe -k netsvcs"
  HKLM\System\CurrentControlSet\services\fastuserswitchingcompatibility\DisplayName: "FastUserSwitchingCompatibility"
  HKLM\System\CurrentControlSet\services\drmkaud\ImagePath: "system32\182C6D0D.sys"

Detected by UnHackMe: 182C6D0D.SYS
Default location: %SYSDIR%\182C6D0D.SYS
Dropper hash (md5): c7b0965034e56a5b085be0b2204f56b0

Rootkit.W32.Agent.bjhx!c

Rootkit.W32.Agent.bjhx!c also known as Gen:Variant.Jadtre.1, Gen:Variant.Jadtre.1 (B), RTKT_WAPOMI.SM.

Malware Analysis of Rootkit.W32.Agent.bjhx!c – 4D835E9C.SYS

Created files:
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_SVCHOST.EXE_C3406B36656359CA7AB39E3E78CE5F8EDCC9D9_CAB_0FC822E6\WEREC66.TMP.WERINTERNALMETADATA.XML
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_SVCHOST.EXE_C3406B36656359CA7AB39E3E78CE5F8EDCC9D9_CAB_0FC822E6\WERECD4.TMP.HDMP
  %SYSDIR%\4D835E9C.SYS
  %SYSDIR%\DMUTILIO.DLL
  %SYSDIR%\FASTUSERSWITCHINGCOMPATIBILITY.DLL

Autostart registry keys:
  HKLM\System\CurrentControlSet\services\4D835E9C\ImagePath: "system32\4D835E9C.sys"
  HKLM\System\CurrentControlSet\services\fastuserswitchingcompatibility\ImagePath: "%SystemRoot%\System32\svchost.exe -k netsvcs"
  HKLM\System\CurrentControlSet\services\fastuserswitchingcompatibility\DisplayName: "FastUserSwitchingCompatibility"

Detected by UnHackMe: 4D835E9C.SYS
Default location: %SYSDIR%\4D835E9C.SYS
Dropper hash (md5): c7b590fde6b9a85474fcb5ac54c859f0

Win32/RootKit.Rootkit.4cc

Win32/RootKit.Rootkit.4cc also known as Trojan.Gen.2, W32/Agent.DIGY!tr.rkit, Gen:Variant.Jadtre.1.

Malware Analysis of Win32/RootKit.Rootkit.4cc – 19587007.SYS

Created files:
  %SYSDIR%\0CBC0608.TMP
  %SYSDIR%\12E6065C.TMP
  %SYSDIR%\19587007.SYS
  %SYSDIR%\1F053804.SYS
  %SYSDIR%\290C65E1.SYS

Autostart registry keys:
  HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010409\Layout File: "KBDUS.DLL"
  HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010409\Layout Text: "0CBC0F32"
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\290C65E1\IMAGEPATH: "\??\%SYSDIR%\290C65E1.SYS"
  HKLM\System\CurrentControlSet\services\290C65E1\DisplayName: "290C65E1"
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\335036C5\IMAGEPATH: "\??\%SYSDIR%\335036C5.SYS"
  HKLM\System\CurrentControlSet\services\335036C5\DisplayName: "335036C5"
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\436524D7\IMAGEPATH: "\??\%SYSDIR%\436524D7.SYS"
  HKLM\System\CurrentControlSet\services\436524D7\DisplayName: "436524D7"
  HKLM\System\CurrentControlSet\services\FastUserSwitchingCompatibility\ImagePath: "%SystemRoot%\System32\Svchost.exe -k netsvcs"
  HKLM\System\CurrentControlSet\services\FastUserSwitchingCompatibility\DisplayName: "FastUserSwitchingCompatibility"
  HKLM\System\CurrentControlSet\services\helpsvc\ImagePath: "%SystemRoot%\System32\Svchost.exe -k netsvcs"
  HKLM\System\CurrentControlSet\services\helpsvc\DisplayName: "helpsvc"
  …

Rootkit.W32.Agent.bmji!c

Rootkit.W32.Agent.bmji!c also known as Trojan.Win32.Generic!BT, Win32.HLLP.Protil.1, W32/Agent.DIGY!tr.rkit.

Malware Analysis of Rootkit.W32.Agent.bmji!c – 19587007.SYS

Created files:
  %SYSDIR%\0CBC0608.TMP
  %SYSDIR%\12E6065C.TMP
  %SYSDIR%\19587007.SYS
  %SYSDIR%\1F053804.SYS
  %SYSDIR%\290C65E1.SYS

Autostart registry keys:
  HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010409\Layout File: "KBDUS.DLL"
  HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010409\Layout Text: "0CBC0F32"
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\290C65E1\IMAGEPATH: "\??\%SYSDIR%\290C65E1.SYS"
  HKLM\System\CurrentControlSet\services\290C65E1\DisplayName: "290C65E1"
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\335036C5\IMAGEPATH: "\??\%SYSDIR%\335036C5.SYS"
  HKLM\System\CurrentControlSet\services\335036C5\DisplayName: "335036C5"
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\436524D7\IMAGEPATH: "\??\%SYSDIR%\436524D7.SYS"
  HKLM\System\CurrentControlSet\services\436524D7\DisplayName: "436524D7"
  HKLM\System\CurrentControlSet\services\FastUserSwitchingCompatibility\ImagePath: "%SystemRoot%\System32\Svchost.exe -k netsvcs"
  HKLM\System\CurrentControlSet\services\FastUserSwitchingCompatibility\DisplayName: "FastUserSwitchingCompatibility"
  HKLM\System\CurrentControlSet\services\helpsvc\ImagePath: "%SystemRoot%\System32\Svchost.exe -k netsvcs"
  HKLM\System\CurrentControlSet\services\helpsvc\DisplayName: "helpsvc"
  …

Rootkit.Agent!+hmm59d6D7U

Rootkit.Agent!+hmm59d6D7U also known as Artemis!6A006AED8570, Virus.Win32.Wapomi.aoKm, Win32:Jadtre-H [Rtk].

Malware Analysis of Rootkit.Agent!+hmm59d6D7U – 19587007.SYS

Created files:
  %SYSDIR%\0CBC0608.TMP
  %SYSDIR%\12E6065C.TMP
  %SYSDIR%\19587007.SYS
  %SYSDIR%\1F053804.SYS
  %SYSDIR%\290C65E1.SYS

Autostart registry keys:
  HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010409\Layout File: "KBDUS.DLL"
  HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010409\Layout Text: "0CBC0F32"
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\290C65E1\IMAGEPATH: "\??\%SYSDIR%\290C65E1.SYS"
  HKLM\System\CurrentControlSet\services\290C65E1\DisplayName: "290C65E1"
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\335036C5\IMAGEPATH: "\??\%SYSDIR%\335036C5.SYS"
  HKLM\System\CurrentControlSet\services\335036C5\DisplayName: "335036C5"
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\436524D7\IMAGEPATH: "\??\%SYSDIR%\436524D7.SYS"
  HKLM\System\CurrentControlSet\services\436524D7\DisplayName: "436524D7"
  HKLM\System\CurrentControlSet\services\FastUserSwitchingCompatibility\ImagePath: "%SystemRoot%\System32\Svchost.exe -k netsvcs"
  HKLM\System\CurrentControlSet\services\FastUserSwitchingCompatibility\DisplayName: "FastUserSwitchingCompatibility"
  HKLM\System\CurrentControlSet\services\helpsvc\ImagePath: "%SystemRoot%\System32\Svchost.exe -k netsvcs"
  HKLM\System\CurrentControlSet\services\helpsvc\DisplayName: …

Rootkit.Agent.jtv

Rootkit.Agent.jtv also known as Win32.HLLP.Protil.1, Rootkit.Agent/Gen-SysX, Win.Trojan.Rootkit-1286.

Malware Analysis of Rootkit.Agent.jtv – 19587007.SYS

Created files:
  %SYSDIR%\0CBC0608.TMP
  %SYSDIR%\12E6065C.TMP
  %SYSDIR%\19587007.SYS
  %SYSDIR%\1F053804.SYS
  %SYSDIR%\290C65E1.SYS

Autostart registry keys:
  HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010409\Layout File: "KBDUS.DLL"
  HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010409\Layout Text: "0CBC0F32"
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\290C65E1\IMAGEPATH: "\??\%SYSDIR%\290C65E1.SYS"
  HKLM\System\CurrentControlSet\services\290C65E1\DisplayName: "290C65E1"
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\335036C5\IMAGEPATH: "\??\%SYSDIR%\335036C5.SYS"
  HKLM\System\CurrentControlSet\services\335036C5\DisplayName: "335036C5"
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\436524D7\IMAGEPATH: "\??\%SYSDIR%\436524D7.SYS"
  HKLM\System\CurrentControlSet\services\436524D7\DisplayName: "436524D7"
  HKLM\System\CurrentControlSet\services\FastUserSwitchingCompatibility\ImagePath: "%SystemRoot%\System32\Svchost.exe -k netsvcs"
  HKLM\System\CurrentControlSet\services\FastUserSwitchingCompatibility\DisplayName: "FastUserSwitchingCompatibility"
  HKLM\System\CurrentControlSet\services\helpsvc\ImagePath: "%SystemRoot%\System32\Svchost.exe -k netsvcs"
  HKLM\System\CurrentControlSet\services\helpsvc\DisplayName: "helpsvc"
  …

Heuristic.BehavesLike.Win32.Rootkit.L

Heuristic.BehavesLike.Win32.Rootkit.L also known as Backdoor.Agent.GIHI, W32/Agent.FVG!tr.bdr, Trojan-Downloader.

Malware Analysis of Heuristic.BehavesLike.Win32.Rootkit.L – 3DA64705.DLL

Created files:
  %SYSDIR%\1230D02E.EXE
  %SYSDIR%\3DA64705.DLL

Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AE1BC751\IMAGEPATH: "%SYSDIR%\1230D02E.EXE -AE1BC751"
  HKLM\System\CurrentControlSet\services\AE1BC751\DisplayName: "AE1BC751"

Detected by UnHackMe: 3DA64705.DLL
Default location: %SYSDIR%\3DA64705.DLL
Dropper hash (md5): c7af592587e730613ca7b636b3491ed9

Rootkit.Biosavp.Gen

Rootkit.Biosavp.Gen also known as Win32/TrojanDownloader.Perkesh.G, Trojan.Win32.Downloader.8192.NE, TROJ_PERKESH.SMF.

Malware Analysis of Rootkit.Biosavp.Gen – ~8356.EXE

Created files:
  %TEMP%\~8356.EXE
  %SYSDIR%\7H1GH.EXE

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\msconfig: 43 3A 5C 57 69 6E 64 6F 77 73 5C 73 79 73 74 65 6D 33 32 5C 37 68 31 47 68 2E 65 78 65 00 00 00 00 00…

The Run value is shown as raw bytes; the bytes listed decode to the NUL-padded ASCII string C:\Windows\system32\7h1Gh.exe, i.e. the dropped %SYSDIR%\7H1GH.EXE above, registered under the innocuous-looking value name "msconfig".

Rootkit.Agent.Win32.8762

Rootkit.Agent.Win32.8762 also known as Gen:Variant.Jadtre.1 (B), Trojan.TenThief.Guntior.ar, Trojan.Jadtre.1.

Malware Analysis of Rootkit.Agent.Win32.8762 – 462F779E.SYS

Created files:
  %Program Files%\Google\Chrome\Application\51.0.2704.63\Installer\debug.log
  %Program Files%\Google\Chrome\Temp\source3300_26262\chrome_patch.diff
  %SYSDIR%\462F779E.SYS
  %SYSDIR%\6D3E12AB.SYS
  %SYSDIR%\DMLOCALSVC.DLL

Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\462F779E\IMAGEPATH: "\??\%SYSDIR%\462F779E.SYS"
  HKLM\System\CurrentControlSet\services\462F779E\DisplayName: "462F779E"
  HKLM\System\CurrentControlSet\services\fastuserswitchingcompatibility\ImagePath: "%SystemRoot%\System32\Svchost.exe -k netsvcs"
  HKLM\System\CurrentControlSet\services\fastuserswitchingcompatibility\DisplayName: "FastUserSwitchingCompatibility"
  HKLM\System\CurrentControlSet\services\drmkaud\ImagePath: "system32\drmkaud.sys"

Detected by UnHackMe: 462F779E.SYS
Default location: %SYSDIR%\462F779E.SYS
Dropper hash (md5): c7ab3434d242e04e04adf195fc5c0bf0

Rootkit.Win32.Agent.cvug

Rootkit.Win32.Agent.cvug also known as Trojan.Generic.6808880, Trojan.Simda.a, Win32/Agent.SUC.

Malware Analysis of Rootkit.Win32.Agent.cvug – 5605.SYS

Created files:
  %TEMP%\5605.SYS
  %SYSDIR%\C_726523.NLS

Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\5605\IMAGEPATH: "\??\%TEMP%\5605.SYS"

Detected by UnHackMe: 5605.SYS
Default location: %TEMP%\5605.SYS
Dropper hash (md5): 00486fcf6c28e0b5f6ef0adf3446b4c9

Rootkit.Win32.Agent.

Rootkit.Win32.Agent. also known as Win32.Troj.OnlineGamesT.mq.(kcloud), W32/Perkesh.B.gen!Eldorado, Generic.Malware.P!dldg.C8B33004 (B).

Malware Analysis of Rootkit.Win32.Agent. – DLL937.DLL

Created files:
  %TEMP%\DLL937.DLL
  %SYSDIR%\NSKHELPER2.SYS

Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NSRK1\IMAGEPATH: "\??\%SYSDIR%\NSKHELPER2.SYS"
  HKLM\System\CurrentControlSet\services\NsRk1\DisplayName: "NsRk1"

Detected by UnHackMe: DLL937.DLL
Default location: %TEMP%\DLL937.DLL
Dropper hash (md5): 1cbdaae68772247b512baf3ec650f5c6
